Spec Name or Url: http://fedora.lowlatency.de/review/nessus-plugins-GPL.spec
SRPM Name or Url: http://fedora.lowlatency.de/review/nessus-plugins-GPL-2.2.6-1.src.rpm
Description: Nessus is a free, up-to-date and full featured remote security scanner. It makes possible to test security modules in an attempt to find vulnerable spots that should be fixed. It is made up of two parts: a server, and a client. The server/daemon, nessusd, is in charge of the attacks, whereas the client, nessus-client-gtk, provides the user a nice X11/GTK+ interface. This package contains Nessus plugins and scripts to build additional plugins.
rpmlint:

rpmlint of nessus-plugins-GPL-2.2.6-1.x86_64.rpm:
W: nessus-plugins-GPL no-version-in-last-changelog
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/hydra.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/objectserver.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/ssl_ciphers.nes 0555
E: nessus-plugins-GPL non-executable-script /var/lib/nessus/plugins_factory/libtool 0444
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/ftp_write_dirs.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/nmap_tcp_connect.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/snmp_portscan.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/nmap_wrapper.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/find_service.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/smad.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/tftp_grab_file.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/synscan.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/nessus_tcp_scanner.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/nikto_wrapper.nes 0555
E: nessus-plugins-GPL non-standard-executable-perm /var/lib/nessus/plugins/linux_tftp.nes 0555

rpm was probably expecting 755 or so.

- package meets naming guidelines
- package meets packaging guidelines
- license (GPL (obviously :) and BSD) OK, text in %doc, matches source. However, though I'm not a lawyer, certain terms in the Tenable license seem too restrictive, particularly in the Other Restrictions clause. Which plugins are licensed under this?
- spec file legible, in am. English
- source matches upstream
- package compiles on devel (x86_64), works
- no missing BR
- no unnecessary BR
- no locales
- not relocatable
- owns all directories that it creates
- no duplicate files
- permissions ok
- %clean ok
- macro use consistent
- code, not content
- no need for -docs
- nothing in %doc affects runtime
- no need for .desktop file
to be honest: I don't know. I will see if I can find something out so...
The specific section in this license that I'm concerned about: "You shall not, directly or indirectly: (i) sell, lease, rent, license, sublicense, distribute, redistribute or transfer any Plugins or any of your rights under this Agreement; (ii) modify, translate, reverse engineer (except to the limited extent permitted by law), decompile, disassemble or create derivative works based on any Plugins; (iii) use any Plugins other than in conjunction with Registered Nessus or NeWT Scanners obtained directly from www.nessus.org or www.tenablesecurity.com to detect vulnerabilities on your own system or network or on the system or network; or (iv) remove, alter or obscure any proprietary notice, labels or marks on any Plugins." A quick grep through the scripts shows 517 out of 1074 explicitly contain "GPL". But many say no license at all. If we knew what falls under this license in this package, if any, they could be excluded but now I don't know.
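The "quick grep" from the comment above, written out as an added shell example (not part of the review thread or of the Nessus project): it assumes the plugin scripts sit together in one directory and uses the same coarse rule, any file whose text mentions "GPL" counts as GPL-marked, so the unmarked remainder is the set that would have to be checked against the Tenable plugin license before packaging.

```shell
#!/bin/sh
# Added example, not code from the Fedora review or the Nessus project.
# Sorts plugin scripts in a directory into GPL-marked files and files
# with no license marker; the second group needs manual license review.

# Print each file in $1 whose text mentions GPL (case-insensitive).
list_gpl() {
    grep -lis 'GPL' "$1"/* 2>/dev/null
}

# Print each file in $1 with no GPL marker at all.
list_unlicensed() {
    grep -Lis 'GPL' "$1"/* 2>/dev/null
}

# One-line summary: "gpl=<n> unlicensed=<m> total=<t>".
summarize() {
    gpl=$(list_gpl "$1" | wc -l | tr -d ' ')
    none=$(list_unlicensed "$1" | wc -l | tr -d ' ')
    echo "gpl=$gpl unlicensed=$none total=$((gpl + none))"
}

# Constructed sample (hypothetical plugin headers) in a temp directory,
# so the functions can be exercised offline.
make_sample() {
    d=$(mktemp -d)
    printf '# This script is released under the GNU GPLv2\nscript_id(1);\n' > "$d/a.nasl"
    printf '# Copyright ...\n# GPL\nscript_id(2);\n' > "$d/b.nasl"
    printf '# Copyright Tenable\nscript_id(3);\n' > "$d/c.nasl"
    echo "$d"
}

# Stand-alone run: summarize the sample and list what needs review.
sample=$(make_sample)
summarize "$sample"
echo "needs license review:"
list_unlicensed "$sample"
rm -rf "$sample"
```

Point it at the real plugin directory (`summarize /var/lib/nessus/plugins`) to reproduce the reviewer's count; note that "GPL" also matches "LGPL", exactly as the original grep did.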
Debian bug seems to make the most sense of this mess. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291658 You may want to ask the packager which are GPL.
will move this to lvn ... package should be good to go there =)
Andreas that is really not the right answer. The correct answer is to ask for legal to review and see what they say.
Removing from FE-REVIEW blocker list, since it's no longer under review.
Sorry for the spam; I'm trying to clear the FE-Legal blocker since this ticket is no longer open, but instead I'm just a bonehead.